Hello,
If we are logging into the DMS using an http link instead of HTTPS does that mean that the user data transmitted to the server is un-encrypted?
Thanks!
Hi Joseph,
When using an HTTP URL (without an HTTPS redirect being configured), the DataMiner Cube client will be downloaded over HTTP. Actually connecting to DataMiner is done through .NET Remoting communication. From DataMiner 10.1.7.0 onwards the .NET Remoting communication is encrypted by default (Rijndael algorithm with 256-bit key communicated over a 1024-bit RSA encrypted channel).
The exception to this is the DataMiner Web API, these will always be unencrypted when connecting over HTTP (as is any public API). We therefore highly recommend enabling HTTPS on your DataMiner system.For more information on this, see securing DataMiner.
Also good to know, from DataMiner 10.2.1.0 onwards, DataMiner will automatically install a self-signed certificate so it’s always possible to use a TLS encrypted channel. We’re currently working hard to replace our .NET Remoting dependency with gRPC, which will always use a TLS encrypted communication channel.